
[PATCH v4 3/4] xen: arm: enable stack protector feature


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Tue, 14 Jan 2025 04:25:56 +0000
  • Cc: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Tue, 14 Jan 2025 04:26:17 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v4 3/4] xen: arm: enable stack protector feature

Enable previously added CONFIG_STACK_PROTECTOR feature for ARM
platform. We initialize stack protector very early, in head.S using
boot_stack_chk_guard_setup. This ensures that all C code from the very
beginning can use stack protector.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@xxxxxxxx>

---
In v4:
 - setup.c does not call boot_stack_chk_guard_setup() anymore, because
   the original implementation was removed and
   boot_stack_chk_guard_setup_early was renamed to boot_stack_chk_guard_setup
In v3:
 - Call boot_stack_chk_guard_setup_early from head.S to ensure
   that stack is protected from early boot stages
 - Call boot_stack_chk_guard_setup() later, when time subsystem is
   sufficiently initialized to provide values for the random number
   generator.
In v2:
 - Reordered Kconfig entry
---
 xen/arch/arm/Kconfig      | 1 +
 xen/arch/arm/arm64/head.S | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/xen/arch/arm/Kconfig b/xen/arch/arm/Kconfig
index a26d3e1182..8f1a3c7d74 100644
--- a/xen/arch/arm/Kconfig
+++ b/xen/arch/arm/Kconfig
@@ -16,6 +16,7 @@ config ARM
        select GENERIC_UART_INIT
        select HAS_ALTERNATIVE if HAS_VMAP
        select HAS_DEVICE_TREE
+       select HAS_STACK_PROTECTOR
        select HAS_UBSAN
 
 config ARCH_DEFCONFIG
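Review bot: `select HAS_STACK_PROTECTOR` sits under `config ARM`, so it applies to every Arm build, but the diffstat for this patch only touches xen/arch/arm/arm64/head.S. If an arm32 build can also enable CONFIG_STACK_PROTECTOR, nothing in this patch initializes the guard on that boot path, so as far as these hunks show the canary would keep its build-time value there. Either add the equivalent call to the arm32 boot code in the same patch, or restrict the select (for example `select HAS_STACK_PROTECTOR if ARM_64`) and say so in the commit message.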
diff --git a/xen/arch/arm/arm64/head.S b/xen/arch/arm/arm64/head.S
index 72c7b24498..5cbd62af86 100644
--- a/xen/arch/arm/arm64/head.S
+++ b/xen/arch/arm/arm64/head.S
@@ -250,6 +250,9 @@ real_start_efi:
 #endif
         PRINT("- Boot CPU booting -\r\n")
 
+#ifdef CONFIG_STACK_PROTECTOR
+        bl    boot_stack_chk_guard_setup
+#endif
         bl    check_cpu_mode
         bl    cpu_init
 
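Review bot: the commit message does not say what the guard is seeded from at the point where `bl    boot_stack_chk_guard_setup` runs, which is before check_cpu_mode and cpu_init. The v3 changelog explains that the later call existed because the time subsystem had to be up to feed the random number generator, and v4 drops that later call, so the entropy source for this early call needs to be stated; a predictable value weakens the canary. A short comment above the call would also help, noting that it must precede the first C code and whether the callee is safe to run this early (stack availability, registers clobbered across the `bl`).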
-- 
2.47.1
